US10043017B2 - Systems and methods for jurisdiction independent data storage in a multi-vendor cloud environment - Google Patents

Systems and methods for jurisdiction independent data storage in a multi-vendor cloud environment Download PDF

Info

Publication number
US10043017B2
US10043017B2 US15/226,237 US201615226237A US10043017B2 US 10043017 B2 US10043017 B2 US 10043017B2 US 201615226237 A US201615226237 A US 201615226237A US 10043017 B2 US10043017 B2 US 10043017B2
Authority
US
United States
Prior art keywords
fragments
file
encryption key
user
processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US15/226,237
Other versions
US20170372078A1 (en
Inventor
Paul Lewis
Original Assignee
Paul Lewis
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US201361812115P priority Critical
Priority to US14/251,612 priority patent/US9405926B2/en
Application filed by Paul Lewis filed Critical Paul Lewis
Priority to US15/226,237 priority patent/US10043017B2/en
Priority claimed from EP17840037.0A external-priority patent/EP3482336A1/en
Publication of US20170372078A1 publication Critical patent/US20170372078A1/en
Publication of US10043017B2 publication Critical patent/US10043017B2/en
Application granted granted Critical
Priority claimed from US16/261,720 external-priority patent/US20190156045A1/en
Application status is Active legal-status Critical
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from or digital output to record carriers, e.g. RAID, emulated record carriers, networked record carriers
    • G06F3/0601Dedicated interfaces to storage systems
    • G06F3/0602Dedicated interfaces to storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from or digital output to record carriers, e.g. RAID, emulated record carriers, networked record carriers
    • G06F3/0601Dedicated interfaces to storage systems
    • G06F3/0628Dedicated interfaces to storage systems making use of a particular technique
    • G06F3/0638Organizing or formatting or addressing of data
    • G06F3/064Management of blocks
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from or digital output to record carriers, e.g. RAID, emulated record carriers, networked record carriers
    • G06F3/0601Dedicated interfaces to storage systems
    • G06F3/0668Dedicated interfaces to storage systems adopting a particular infrastructure
    • G06F3/067Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communication using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/10Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
    • H04L67/1097Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for distributed storage of data in a network, e.g. network file system [NFS], transport mechanisms for storage area networks [SAN] or network attached storage [NAS]

Abstract

A cloud based system for providing data security, the system having a processor which creates a source data file; wherein the source data file is split into at least one fragments; an encryption key associated with the at least one fragments; and wherein the at least one fragments is encrypted by the encryption key; a plurality of cloud storage providers; wherein the at least one fragments is distributed among the plurality of cloud storage providers whereby no single cloud storage provider possesses all of the at least one fragments; a pointer file which is created on a local computer; wherein the pointer file stores the location of the at least one fragments; and wherein the pointer file is accessed; the encryption key authenticates the plurality of cloud storage providers; the at least one fragments are transferred from the plurality of cloud storage providers to the local computer; and wherein the at least one fragments are reassembled; and the source data file is deleted.

Description

CLAIM OF PRIORITY

This application is a continuation in part of and claims priority to U.S. patent application Ser. No. 14/251,612 filed Jun. 30, 2014, which claims priority to U.S. provisional application No. 61/812,115 filed Apr. 15, 2013, the disclosures of which are incorporated herein by reference in their entirety for any purpose whatsoever.

FIELD OF THE EMBODIMENTS

This invention relates to data protection and security in a cloud based environment. In particular, the invention allows data to be stored in a cloud environment whereby it is inaccessible to any third party and not subject to data privacy laws of any given jurisdiction.

BACKGROUND OF THE EMBODIMENTS

With the advent of the internet, cyber security and data privacy is a growing global concern in today's world. Information technology and electronic discovery advances in a variety of industries, including the legal industry have compounded the issue. The United States and many foreign countries have enacted strict and stringent requirements on data privacy and security. Global entities and multinational corporations have struggled to comply with local data privacy laws. Data privacy laws define how companies and individuals must store and manage computer data. However, the laws are complex and sometimes the laws of one jurisdiction are in direct conflict with the laws of another jurisdiction. This has caused companies to give much thought as to how and where it stores their protected data. Because of the evolution of technology, companies are migrating away from managing and storing data internally, and opting instead to store data with a third party. The third party provider provides the physical infrastructure and maintains the data for a large number of customers. This scenario is generally known as the “cloud” or a virtual storage system. Such cloud based systems are used by many companies, but each is maintained by a single cloud service provider or “cloud vendor”.

The development of the cloud has introduced many new challenges for companies. Customers are unclear as to what jurisdiction contains their inactive digital data (i.e. data at rest), since a cloud customer does not know where a cloud vendor maintains its actual physical infrastructure. Other challenges involve data security. Cloud environments can be compromised by hackers or by a company's internal employees ultimately leading to an organization's data being accessed or transferred. If the data is sensitive, such as personally identifiable information (“PII”), the company may be required to make a mandatory disclosure to its customers. In some cases, the company is not aware of such an invasion, and thereby may not make the disclosure they are required to make. In addition, a cloud vendor may go offline or go out of business, thereby creating a potential situation where a subscriber cannot access its own data. The present invention solves many of these and other challenges.

The present invention relates to a cloud based system including the creation of a system which causes computer data to be redundant and jurisdiction independent. In the present application, a data file is segmented and encrypted wherein each data file segment is striped across multiple cloud service providers. Thus, in the event each cloud service provider maintains physical storage in a different jurisdiction, then each encrypted segment will be at rest in a different jurisdiction. Therefore, each encrypted segment contains no readable data on its own, and must be reassembled with its other segments before the whole can be decrypted. Only once the segments from different jurisdictions are assembled can it be decrypted and read. The disclosed system enables a data file to be jurisdictionally independent until it is reassembled, and once the data is reassembled will it be able to be governed. The present application enables a company to subscribe to many cloud vendors, and not have to worry about their data at rest. For example, during the legal discovery process, a company can choose the jurisdiction for data production simply by reassembling its data in that jurisdiction.

SUMMARY OF THE EMBODIMENTS

The present embodiment of the invention relates to a cloud based system for providing data security. The system comprises a processor; said processor creates a source data file; wherein said source data file is split into at least one fragments; an encryption key; said encryption key associated with the at least one fragments; and wherein the at least one fragments is encrypted by the encryption key; a plurality of cloud storage providers; wherein the at least one fragments is distributed among the plurality of cloud storage providers whereby no single cloud storage provider possesses all of the at least one fragments; a pointer file; wherein said pointer file is created on a local computer; wherein said pointer file stores the location of the at least one fragments; and wherein said pointer file is accessed; said encryption key authenticates the plurality of cloud storage providers; the at least one fragments are transferred from the plurality of cloud storage providers to the local computer; wherein the at least one fragments are reassembled; and the source data file is deleted. The system further comprises an encryption key created by the user. The system further comprises the encryption key being auto generated by the processor. The system further comprises the pointer file being stored locally on a user's computer and wherein the pointer file further comprises a lookup table.

A computer implemented method for providing data security in a cloud based system, the method comprising: creating via a processor, a source data file; splitting, via a processor said source data file into at least one fragments; associating, via a processor an encryption key with the at least one fragments; encrypting, via a processor the at least one fragments by the encryption key; distributing, via a processor the at least one fragments among a plurality of cloud storage providers; whereby no single cloud storage provider possesses all of the at least one fragments; creating a pointer file on a local computer; wherein said pointer file; storing the location of the at least one fragments; accessing said pointer file; authenticating, via a processor the plurality of cloud storage providers by the encryption key; transferring, via a processor; the at least one fragments from the plurality of cloud storage providers to the local computer; reassembling, via a processor the at least one fragments; and wherein the source data file is deleted.

A cloud based system for providing data security, the system comprising; a processor; said processor creates a source data file; wherein said source data file is split into at least one fragments; an encryption key; said encryption key created by a first user and associated with the at least one fragments; and wherein the at least one fragments is encrypted by the encryption key; a plurality of cloud storage providers; wherein the at least one fragments is distributed among the plurality of cloud storage providers whereby no single cloud storage provider possesses all of the at least one fragments; a pointer file; wherein said pointer file is created on a first local computer and the source data file is deleted; wherein said pointer files stores the location of the at least one fragments; and wherein said pointer file and said encryption key is shared with a second user; wherein said pointer file is accessed by the second user on a second local computer; and wherein the second user uses said encryption key to authenticate the plurality of cloud storage providers; the at least one fragments are transferred from the plurality of cloud storage providers to the second local computer of the second user; wherein the at least one fragments are reassembled by the second user on the second local computer. The system further comprises the encryption key and pointer file being shared with the second user through encrypted transmission methods. The system further comprises the encryption key being created by the first user. The system further comprises the encryption key being auto generated by the processor. The system further comprises the pointer file being stored locally on a first or second user's computer and wherein the pointer file further comprises a lookup table.

A computer implemented method for providing data security in a cloud based system, the method comprising: creating via a processor, a source data file on a first local computer of a first user; splitting, via a processor said source data file into at least one fragments; wherein the first user is creating an encryption key and Associating, via a processor the encryption key with the at least one fragments; encrypting, via a processor the at least one fragments by the encryption key; distributing, via a processor the at least one fragments among a plurality of cloud storage providers; whereby no single cloud storage provider possesses all of the at least one fragments; creating a pointer file on the first local computer whereby the source data file is deleted; wherein said pointer file and the encryption is shared by the first user to a second user; and wherein said pointer file stores the location of the at least one fragments; and wherein the second user is accessing said pointer file and using said encryption key to authenticate the plurality of cloud storage provider; and cause the transferring of the at least one fragments from the plurality of cloud storage providers to a second local computer of the second user; and wherein the at least one fragments are reassembled on the second local computer of the second user.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows the preferred embodiment of the system of the invention.

FIG. 2 show the preferred method of the invention.

FIG. 3 shows a graphical representation of the flow of a data file and data blocks in the system.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

The preferred embodiments of the present invention will now be described with reference to the drawings. Identical elements in the various figures are identified with the same reference numerals.

Reference will now be made in detail to each embodiment of the present invention. Such embodiments are provided by way of explanation of the present invention, which is not intended to be limited thereto. In fact, those of ordinary skill in the art may appreciate upon reading the present specification and viewing the present drawings that various modifications and variations can be made thereto.

FIG. 1 shows the process flow of data through the cloud based system of the present application. The process commences with a native data file, the data file is encrypted and broken into segmented parts, and the segmented data file is then forwarded to multiple cloud storage providers located in multiple jurisdictions. A client (or multiple clients) connects to a Storage Director Appliance or Software Application through a Multi-Protocol Connector. The multi-protocol connector may be via a web browser through the Internet. The Storage Director Appliance or Application has the ability to locally store a cached file in a local cache storage. The file is processed by a processing engine where it is encrypted and separated into “n” parts. Each of the parts are passed on to the Cloud Queue Engine, which transmits and deposits the segmented parts to multiple Cloud Providers located in multiple legal jurisdictions. When the file is requested by an authorized user, The Cloud Queue Engine retrieves a copy of each of “n” parts, downloads them to the Storage Director Appliance or Application, and processes the Segmented parts to re-create the original encrypted file. The encrypted file is decrypted, and the native file becomes available to the user.

FIG. 2 shows a flow chart diagram that describes the process of taking a native file and securely storing it in one of multiple cloud vendors located in more than one jurisdiction. To reassemble the file, the process is simply reversed. In step 1, local or native data is received from a Client and ready for processing. In step 2, the file and location data are written to the Storage Director module Lookup Table. In step 3, the file is processed by the Processing Engine, where it is encrypted. The encrypted file is then broken into multiple data blocks, and each block is assigned a unique name or identifier. In step 4, the Storage Director module Lookup table is updated with the block name of each data block and the total Quantity of blocks that were created from the original encrypted file. In steps 5 the data blocks are Forwarded and moved to storage providers as per a preset algorithm as instructed by the Cloud Queue Engine or Module. In step 6, the blocks are forward and moved to one of multiple cloud storage providers which are located in multiple jurisdictions as instructed by the Cloud Queue Engine or Module. The blocks are stored at cloud providers located in different jurisdictions. In step 7, the Storage Director module lookup table is updated with the data location of each block at each Cloud Provider.

In FIG. 3 a graphical representation of the data flow is shown. FIG. 3 also illustrates how data blocks are securely and redundantly stored across Cloud Providers in “n” jurisdictions. Once a native data file is encrypted and broken into data blocks by the Storage Director Appliance or Application, the Cloud Queue Engine or module distributes the blocks to “n” Cloud Providers in “n” legal jurisdictions. Each data block is written to two or more Cloud Providers, which “stripes” the data across multiple providers in varying jurisdictions. If a given Cloud Provider is compromised by going offline and unavailable, the Cloud Queue Engine can still retrieve the data blocks from another Cloud Provider. In addition, if a given Cloud Provider is compromised by a hacker or unauthorized user, the data blocks that may have been compromised are of no value to the hacker, because the hacker will only be in possession of encrypted blocks, and not any entire file.

The present embodiments relate to a systems and methods for secure data storage in a multi-vendor cloud environment in a manner that prevents the third party cloud provider from being able to access or be in possession of complete data files. The computer or device that creates the source data distributes only a portion of a data file to each of a plurality of cloud storage providers. The source computer or device maintains a lookup table and is able to re-assemble the data. Each storage provider only maintains part of each data file, and therefore is never in possession of any complete data file(s). The source computer or device can retrieve each portion of the file from multiple cloud providers, whereby the portions are re-assembled into the complete data file by using the lookup table. The system allows for large amounts of data to be stored across a plurality of third party cloud storage providers in a manner that prevents any third party from having access to any complete file. The data is distributed globally among a plurality of cloud storage providers. No single cloud provider has access to any complete file, as each file is broken into Encrypted segments or data blocks and only one Data block is sent to each cloud provider. Each cloud provider is in a different physical location across multiple jurisdictions. As a result, the file does not exist at rest in any one jurisdiction, thus is not subject to legal and/or regulatory requirements of any single jurisdiction while it is stored in a multi-vendor cloud environment.

The system ensures that any data file stored in a multi-vendor cloud environment in this manner cannot be subject to the laws governing production of, privacy of, or protection of data in any jurisdiction.

In another embodiment, a system and method for securely sharing data files by using a multi-vendor cloud environment in a manner that prevents any third party from being able to access or be in possession of the original source data file is taught. The computer or device that creates the source data splits each file into multiple segments. Each segment is then encrypted using an encryption key defined by the user. Each of the encrypted fragments are then distributed to multiple cloud properties whereby only a portion of the fragments of the source data file is stored to any one of a plurality of cloud storage providers. The source computer or device maintains a pointer file that contains a lookup table and is able to re-assemble the data if it knows the encryption key and has access to the same cloud properties. Each storage provider only maintains part of each data file, and therefore is never in possession of any complete data file(s). Any computer or device that has possession of the pointer file, knows the encryption key, and has access to the cloud provider storage can retrieve each portion of the file from multiple cloud providers, whereby the portions are downloaded, decrypted using the user generated encryption key stored in the pointer file, and re-assembled into the complete data file by using the lookup table. The system allows for large amounts of data to be stored across a plurality of third party cloud storage providers in a manner that prevents any third party from having access to any complete file. The data is safe from being exploited or hacked by any third party, since even if all cloud providers are breached, the data cannot be re-assembled without the encryption key and the lookup table.

In this embodiment, the method comprises; a source data file is created, the source data file is split into fragments; an encryption key is created by the user; each fragment is encrypted using the encryption key; the fragments are distributed in multiple cloud storage providers, whereby no single cloud storage provider is in possession of all fragments; a pointer file is created that stores the location of each fragment; the pointer file is stored locally, and the original file is deleted. The user is able to open the pointer file, enter the encryption key, and authenticate to the cloud storage providers. Each fragmented is transferred from the cloud storage providers to the local computer. The fragments are re-assembled locally on the computer.

In another embodiment, a system and method for securely sharing data files by using a multi-vendor cloud environment in a manner that prevents any third party from being able to access or be in possession of the original source data file is taught. The computer or device that creates the source data splits each file into multiple segments. Each segment is then encrypted using an encryption key defined by the user. Each of the encrypted fragments are then distributed to multiple cloud properties whereby only a portion of the fragments of the source data file is stored to any one of a plurality of cloud storage providers. The source computer or device maintains a pointer file that contains a lookup table and is able to re-assemble the data if it knows the encryption key and has access to the same cloud properties. The pointer file can be freely shared with other users using any data transmission method, including email, copy/paste, etc. Each storage provider only maintains part of each data file, and therefore is never in possession of any complete data file(s). Any computer or device that has possession of the pointer file, knows the encryption key, and has access to the cloud properties can retrieve each portion of the file from multiple cloud providers, whereby the portions are downloaded, decrypted using the user generated encryption key stored in the pointer file, and locally re-assembled into the complete data file. The system allows for large amounts of data to be stored across a plurality of third party cloud storage providers in a manner that prevents any third party from having access to any complete file, unless the source user shares the pointer file, encryption key, and access to the cloud properties. The data at rest is safe from being exploited or hacked by any third party, since even if all cloud providers are breached, the data cannot be re-assembled without the pointer file, encryption key, and access to a complete set of fragments.

In this embodiment, the method comprises: a source data file is created; the source data file is split into fragments; an encryption key is created by user #1; each fragment is encrypted using the encryption key; the fragments are distributed in multiple cloud storage providers, whereby no single cloud storage provider is in possession of all fragments; a pointer file is created that stores the location of each fragment; the pointer file is stored locally, and the original file is deleted. The pointer file is shared with user #2. User #2 is able to access the fragments stored at the cloud storage providers; User #2 has knowledge of the encryption key; User #2 is able to open the pointer file, enter the encryption key, and authenticate to the cloud storage providers. Each fragmented is transferred from the cloud storage providers to the local computer of user #2. The fragments are re-assembled locally on the computer of user #2.

The advantages and features of the application are of a representative sample of embodiments only, and are not exhaustive and/or exclusive. They are presented only to assist in understanding and teach the claimed principles. It should be understood that they are not representative of all disclosed embodiments. As such, certain aspects of the disclosure have not been discussed herein. That alternate embodiments may not have been presented for a specific portion of the invention or that further undescribed alternate embodiments may be available for a portion is not to be considered a disclaimer of those alternate embodiments. It will be appreciated that many of those undescribed embodiments incorporate the same principles of the invention and others are equivalent. Thus, it is to be understood that other embodiments may be utilized and functional, logical, organizational, structural and/or topological modifications may be made without departing from the scope and/or spirit of the disclosure. As such, all examples and/or embodiments are deemed to be non-limiting throughout this disclosure. Also, no inference should be drawn regarding those embodiments discussed herein relative to those not discussed herein other than it is as such for purposes of reducing space and repetition. For instance, it is to be understood that the logical and/or topological structure of any combination of any program components (a component collection), other components and/or any present feature sets as described in the figures and/or throughout are not limited to a fixed operating order and/or arrangement, but rather, any disclosed order is exemplary and all equivalents, regardless of order, are contemplated by the disclosure. Furthermore, it is to be understood that such features are not limited to serial execution, but rather, any number of threads, processes, services, servers, and/or the like that may execute asynchronously, concurrently, in parallel, simultaneously, synchronously, and/or the like are contemplated by the disclosure. As such, some of these features may be mutually contradictory, in that they cannot be simultaneously present in a single embodiment. Similarly, some features are applicable to one aspect of the invention, and inapplicable to others. In addition, the disclosure includes other inventions not presently claimed. Applicant reserves all rights in those presently unclaimed inventions including the right to claim such inventions, file additional applications, continuations, continuations in part, divisions, and/or the like thereof. As such, it should be understood that advantages, embodiments, examples, functional, features, logical, organizational, structural, topological, and/or other aspects of the disclosure are not to be considered limitations on the disclosure as defined by the claims or limitations on equivalents to the claims. It is to be understood that, depending on the particular needs and/or characteristics of a individual and/or enterprise user, database configuration and/or relational model, data type, data transmission and/or network framework, syntax structure, and/or the like, various embodiments of the system may be implemented that enable a great deal of flexibility and customization.

All statements herein reciting principles, aspects, and embodiments of the disclosure, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future, i.e., any elements developed that perform the same function, regardless of structure.

Descriptions herein of method steps and computer programs represent conceptual embodiments of illustrative circuitry and software embodying the principles of the disclosed embodiments. Thus the functions of the various elements shown and described herein may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software as set forth herein.

In the disclosure hereof any element expressed as a means for performing a specified function is intended to encompass any way of performing that function including, for example, a) a combination of circuit elements and associated hardware which perform that function or b) software in any form, including, therefore, firmware, microcode or the like as set forth herein, combined with appropriate circuitry for executing that software to perform the function. Applicants thus regard any means which can provide those functionalities as equivalent to those shown herein.

Similarly, it will be appreciated that the system and process flows described herein represent various processes which may be substantially represented in computer-readable media and so executed by a computer or processor, whether or not such computer or processor is explicitly shown. Moreover, the various processes can be understood as representing not only processing and/or other functions but, alternatively, as blocks of program code that carry out such processing or functions.

The methods, systems, computer programs and mobile devices of the present disclosure, as described above and shown in the drawings, among other things, provide for improved social networking platforms and aspects thereof. It will be apparent to those skilled in the art that various modifications and variations can be made in the devices, methods, software programs and mobile devices of the present disclosure without departing from the spirit or scope of the disclosure. Thus, it is intended that the present disclosure include modifications and variations that are within the scope of the subject disclosure and equivalents.

Claims (9)

What is claimed is:
1. A cloud based system for providing data security, the system comprising:
a processor; said processor creates a source data file; wherein said source data file is split into two or more fragments:
an encryption key; said encryption key associated with the two or more fragments; and wherein the two or more fragments are encrypted by the encryption key, wherein the encryption key is created by the user;
a plurality of cloud storage providers; wherein the two or more fragments are distributed among the plurality of cloud storage providers whereby no single cloud storage provider possesses all of the two or more fragments;
a pointer file; wherein said pointer file is created on a local computer; wherein the pointer file further comprises a lookup table; wherein said pointer file stores the location of the two or more fragments; and wherein said pointer file is accessed; said encryption key authenticates the plurality of cloud storage providers; the two or more fragments are transferred from the plurality of cloud storage providers to the local computer; wherein the two or more fragments are reassembled; and the source data file is deleted.
2. The system of claim 1, further comprising, wherein the encryption key is auto generated by the processor.
3. The system of claim 1, wherein the pointer file is stored locally on a user's computer.
4. A computer implemented method for providing data security in a cloud based system, the method comprising:
creating via a processor, a source data file;
splitting, via a processor said source data file into at least one two or more fragments;
associating, via a processor an encryption key with the at least one two or more fragments, wherein the encryption key is created by the user;
encrypting, via a processor the two or more fragments by the encryption key, distributing, via a processor the two or more fragments among a plurality of cloud storage providers; whereby no single cloud storage provider possesses all of the two or more fragments;
creating a pointer file on a local computer, wherein the pointer file further comprises a lookup table;
storing the location of the two or more fragments on the pointer file;
accessing said pointer file;
authenticating, via a processor the plurality of cloud storage providers by the encryption key;
transferring, via a processor; the two or more fragments from the plurality of cloud storage providers to the local computer;
reassembling, via a processor the two or more fragments; and wherein the source data file is deleted.
5. A cloud based system for providing data security, the system comprising:
a processor; said processor creates a source data file; wherein said source data fife is split into two or more fragments:
an encryption key; said encryption key created by a first user and associated with the at two or more fragments; and wherein the two or more fragments is-are encrypted by the encryption key;
a plurality of cloud storage providers; wherein the two or more fragments is are distributed among the plurality of cloud storage providers whereby no single cloud storage provider possesses all of the two or more fragments;
a pointer file; wherein said pointer file is created on a first local computer and the source data file is deleted; wherein the pointer file further comprises a lookup table; wherein said pointer files stores the location of the two or more fragments; and wherein said pointer file and said encrypt ion key is shared with a second user; wherein said pointer file is accessed by the second user on a second local computer; and wherein the second user uses said encryption key to authenticate the plurality of cloud storage providers; the two or more fragments are transferred from the plurality of cloud storage providers to the second local computer of the second user; wherein the two or more fragments are reassembled by the second user on the second local computer.
6. The system of claim 5, wherein the encryption key and pointer file is shared with the second user through encrypted transmission methods.
7. The system of claim 5, further comprising, wherein the encryption key is auto generated by the processor.
8. The system of claim 5, wherein the pointer file is stored locally on a first or second user's computer.
9. A computer implemented method for providing data security in a cloud based system, the method comprising:
creating via a processor, a source data file on a first local computer of a first user;
splitting, via a processor said source data file into two or more fragments; wherein the first user is creating an encryption key and associating, via a processor the encryption key with the two or more fragments;
encrypting, via a processor the two or more fragments by the encryption key;
distributing, via a processor the two or more fragments among a plurality of cloud storage providers; whereby no single cloud storage provider possesses all of the two or more fragments;
creating a pointer file on the first local computer whereby the source data file is deleted; wherein said pointer file and the encryption is shared by the first user to a second user; and
wherein said pointer file stores the location of the two or more fragments; wherein the pointer file further comprises a lookup table; wherein the second user is accessing said pointer file and using said encryption key to authenticate the plurality of cloud storage provider; and cause the transferring of the two or more fragment's from the plurality of cloud storage providers to a second local computer of the second user; and
wherein the two or more fragments are reassembled on the second local computer of the second user.
US15/226,237 2013-04-15 2016-08-02 Systems and methods for jurisdiction independent data storage in a multi-vendor cloud environment Active US10043017B2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US201361812115P true 2013-04-15 2013-04-15
US14/251,612 US9405926B2 (en) 2014-06-30 2014-06-30 Systems and methods for jurisdiction independent data storage in a multi-vendor cloud environment
US15/226,237 US10043017B2 (en) 2013-04-15 2016-08-02 Systems and methods for jurisdiction independent data storage in a multi-vendor cloud environment

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US15/226,237 US10043017B2 (en) 2013-04-15 2016-08-02 Systems and methods for jurisdiction independent data storage in a multi-vendor cloud environment
EP17840037.0A EP3482336A1 (en) 2016-08-02 2017-08-02 Jurisdiction independent data storage in a multi-vendor cloud environment
PCT/US2017/045149 WO2018031342A1 (en) 2016-08-02 2017-08-02 Jurisdiction independent data storage in a multi-vendor cloud environment
US16/055,587 US20180349619A1 (en) 2013-04-15 2018-08-06 System and Methods for Jurisdiction Independent Data Storage in a Multi-Vendor Cloud Environment
US16/261,720 US20190156045A1 (en) 2013-04-15 2019-01-30 Systems and methods for digital currency or crypto currency storage in a multi-vendor cloud environment

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US14/251,612 Continuation-In-Part US9405926B2 (en) 2014-06-30 2014-06-30 Systems and methods for jurisdiction independent data storage in a multi-vendor cloud environment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/055,587 Continuation US20180349619A1 (en) 2013-04-15 2018-08-06 System and Methods for Jurisdiction Independent Data Storage in a Multi-Vendor Cloud Environment

Publications (2)

Publication Number Publication Date
US20170372078A1 US20170372078A1 (en) 2017-12-28
US10043017B2 true US10043017B2 (en) 2018-08-07

Family

ID=60677763

Family Applications (2)

Application Number Title Priority Date Filing Date
US15/226,237 Active US10043017B2 (en) 2013-04-15 2016-08-02 Systems and methods for jurisdiction independent data storage in a multi-vendor cloud environment
US16/055,587 Pending US20180349619A1 (en) 2013-04-15 2018-08-06 System and Methods for Jurisdiction Independent Data Storage in a Multi-Vendor Cloud Environment

Family Applications After (1)

Application Number Title Priority Date Filing Date
US16/055,587 Pending US20180349619A1 (en) 2013-04-15 2018-08-06 System and Methods for Jurisdiction Independent Data Storage in a Multi-Vendor Cloud Environment

Country Status (1)

Country Link
US (2) US10043017B2 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030220985A1 (en) * 2002-05-24 2003-11-27 Hitachi,Ltd. System and method for virtualizing network storages into a single file system view
US20090300719A1 (en) 2008-05-29 2009-12-03 James Michael Ferris Systems and methods for management of secure data in cloud-based network
US20100235887A1 (en) 2009-03-13 2010-09-16 Novell, Inc. System and method for queuing to a cloud via a queuing proxy
US20100299313A1 (en) 2009-05-19 2010-11-25 Security First Corp. Systems and methods for securing data in the cloud
US20120278622A1 (en) 2011-04-29 2012-11-01 Stephen Lesavich Method and system for electronic content storage and retrieval with galois fields on cloud computing networks

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030220985A1 (en) * 2002-05-24 2003-11-27 Hitachi,Ltd. System and method for virtualizing network storages into a single file system view
US20090300719A1 (en) 2008-05-29 2009-12-03 James Michael Ferris Systems and methods for management of secure data in cloud-based network
US20100235887A1 (en) 2009-03-13 2010-09-16 Novell, Inc. System and method for queuing to a cloud via a queuing proxy
US20100299313A1 (en) 2009-05-19 2010-11-25 Security First Corp. Systems and methods for securing data in the cloud
US20120278622A1 (en) 2011-04-29 2012-11-01 Stephen Lesavich Method and system for electronic content storage and retrieval with galois fields on cloud computing networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
International Search Report and Written Opinion dated Dec. 24, 2015 during prosecution of International Application No. PCT/2015/038433.

Also Published As

Publication number Publication date
US20170372078A1 (en) 2017-12-28
US20180349619A1 (en) 2018-12-06

Similar Documents

Publication Publication Date Title
US8479301B2 (en) Offline access in a document control system
US9137222B2 (en) Crypto proxy for cloud storage services
US8984582B2 (en) System and method for secure synchronization of data across multiple computing devices
US8468345B2 (en) Containerless data for trustworthy computing and data services
US9922203B2 (en) Systems and methods for facilitating access to private files using a cloud storage system
US8627489B2 (en) Distributed document version control
US8707457B2 (en) Methods and systems for forcing an application to store data in a secure storage location
US20120042162A1 (en) Cloud Data Management
JP6276388B2 (en) Shared content permissions
JP5639660B2 (en) Confirmable trust for data through the wrapper complex
US8925108B2 (en) Document access auditing
US8086698B2 (en) Synchronizing configuration information among multiple clients
US8082316B2 (en) Resolving conflicts while synchronizing configuration information among multiple clients
US8413261B2 (en) Sharing private data publicly and anonymously
US8516591B2 (en) Security monitoring
JP5000457B2 (en) File sharing system and file sharing method
US10177978B2 (en) Community internet drive
JP2012530391A (en) Secure private backup storage and processing for trusted computing and data services
US8996884B2 (en) High privacy of file synchronization with sharing functionality
JP2013513834A (en) Reliable Extensible Markup Language for Reliable Computing and Data Services
US9424432B2 (en) Systems and methods for secure and persistent retention of sensitive information
US9294485B2 (en) Controlling access to shared content in an online content management system
WO2012016091A2 (en) Protecting documents using policies and encryption
US20130212707A1 (en) Document control system
US20150244684A1 (en) Data security management system

Legal Events

Date Code Title Description
STCF Information on status: patent grant

Free format text: PATENTED CASE